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(54) Electronic funds transfer authentication system 



(57) Electronic Funds Transfer transactions 
between a mobile telephone user and a trader are han- 
dled by the mobile telephone billing system 5. Authenti- 
cation of the user's account details are carried out by 
inten^ogating the user data in the Home Location Regis- 
ter (HLR) 17 of the mobile network. A mobile switching 
centre 4 communicates over a link 7 with an Electronic 
Funds Transfer at Point of Sale (EFTPOS) unit 8 kx^ated 
on the trader's premises 9. The user transmits a code to 
the mobile network using his telephone 1 to request 
authorisation. The user's location, and hence the trader 
concerned, may be unk^uely identified by identification 
of a very-short-range radk) base station (picoceil) 3 to 
which the mobile telephone is working. The account and 



transaction data is communicated to the nrx)bile switch- 
ing centre 4 and thus to the billing system 5 of the cellu- 
lar racfio system, in ader to credit and debit the trader's 
and customer's accounts respectively with the payment 
required, and record the details of the transaction in 
order to generate an itemised bill giving details, for each 
transaction, of the time, trader, and amount debited. 
Entxxjiments using for authentication of stored-value 
cards are also described. 

TTie authaisation data may be used to operate an 
access-control system. 
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Description 

This invention relates to electronic funds transfer. 
Electronic funds transfer is becoming a very popular 
way of paying for goods ar>d services. In essenc , a 
user generally presents a card carrying tfie details of 
the user, either printed or more usually encoded mag- 
netically or in a chip (a so called "smart" card) in order 
to authorise payment. The authenticity of the card is 
verified by the trader to whom payment is due by enter- 
ing the details of the card on a machine connected by a 
telecommunications link to a central database. The 
reading may be done by entering the details manually, 
but is nrtore often done by machine-reading the detail 
encoded on the card. The authenticity of the card hav- 
ing been verified, the accounts of the trader and cus- 
tomer are aedited and debited respectively by the 
appropriate amounts. (These amounts are not neces- 
sarily the same, as the card issuer may take a small 
service charge, which is either added to the amount 
deducted from the customer's account or deducted from 
the amount to be added to the trader's account). 

The customer's account may be a "credit" account 
wherein amounts are deducted from the customer's 
account for repayment later, in response to receipt of 
the bill. Alternatively it may be a "debif account, 
wherein the customer initially places money in the 
accojrrt from which the anrx>unt can be debited as 
required. A variation on this is the 'stored value' card, in 
which the account balance is recorded on the informa- 
tion carrier (the card) itself, and only the authenticity of 
the card is verified by the exchange of data with the cen- 
tral databasa 

In order to guard against fraud, in particular the 
misuse of stolen cards, the customer is frequently 
asked to identify himself either by providing a signature 
or a Personal Identity Nunf*)er (PIN) which is compared 
with the record in the database to ensure that the per- 
son presenting the card is indeed the authaised user. 

The present invention allows the use of a mobile tel- 
ephone, for example one connected to a cellular racfio 
network, to take the place of the traditk)nal plastic credit 
or debit card. The mobile telephone itself may t)e i^ed 
to authorise the transaction. 

According to the invention, there is provided an 
electronic funds transfer authentication system having 
at least one trader unit connected to a central authorisa- 
tion unit, each trader unit having means for receiving an 
authorisation signal from the central authorisatk>n unit; 
the central authorisation unit being associated with a 
database for storing data relating to customers of the 
electronic funds transfer system, and having: means for 
receiving customer data from a customer unit forming 
part of a mobile telephone; means for checking the 
validity of said received data; and means for transmit- 
ting authorisation data to the trader unit. 

According to a further aspect of the invention there 
is provided an authentication method for electronic 



funds transfer, wherein a central authorisatton \s\ii 
receives data, relating to a customer, from a mobile tel- 
ephone carrying said customer data and an authorisa- 
tion signal for confirming the validity of said data is 

5 transmitted from the central authorisation unit to a 
trader unit connected th reta 

The customer data may be transmitted directly to 
tiie central authorisation unit over the mobile radio net- 
work whteh supports the service, in this case a signal 
must be transmitted to give the identity of the trader. 
Alternatively the data may be transmitted from the 
mobile telephone to a special dedicated radio base sta- 
tion unit within the trader's premises. This would auto- 
matically identify the trader by the fact that the mobile 

/5 telephone is in communication with the dedicated b^e 
station. In a typical application, the trader's premises 
may have a cellular radio "pico cell' base station, within 
tiie premises and having a coverage area limited to 
those premises, which allows cellular radk) communica- 

2o tion with the cellular network in tiie normal way, and 
whk:h positively identifies ttiat any transaction carried 
out within range of tiiat ptcocetl is related to that trader 
and no other. 

Authorisation data may be retumed to the trader 

^5 unit by way of the cellular networic and the customer 
unit, or alternatively over a fixed connection from the 
cellular system direct to a trader unit. This fixed connec- 
tion may be associated with ttie afbrementk)ned picocell 
base station. 

30 In one particular arrangement the trader unit is 
arranged to physically interiace witii the cellular tele- 
phone in order to transfer data between the two effec- 
tively. 

Within the scope of the irwention, the credit or debit 

35 value in the customer's account may be stored within 
the cellular telephone itself, using a stored value proc- 
essor. This would still require authorisation from ttie net- 
work, but the value in the account wouki be recorded 
within the telephone itself. The trader unit would then 

40 only require to authenticate the transaction, and to have 
the appropriate amount credited to its account 

Alternatively, the billing system already in place for 
the networic operator coukJ be utilised, to provide the 
owner of the mobile telephone with bills which woukJ 

45 include transactions canied out using the electronic 
funds trarisfer facility. 

The service is of partk:ular application to transac- 
tions which can take place on the move, or in circum- 
stances where the transaction can take place at any 

50 point within a wkie area, and it is inconvenient to have to 
go to a central point for payment, or to have to stop 
solely to make a payment For example, when refuelling 
a motor vehicle, commonly there are a large number of 
fuel pumps distributed over a large forecourt in order to 

55 allow room for vehicles to manoeuvre, and ttie vehrcle 
owner must pay at a kiosk which may be some distanc 
away. It may be inconvenient for tiie driver to have to 
leave his vehicle, partrculariy if he is carrying valuabi 
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gocxis. or accompanied by smalt children. Moreover, in 
order to discourage theft of fuel fuel staten operators 
discourage drivers from driving their vehicles away from 
the punps until they have paid, although this policy pre- 
vents any further vehicles from using the pump until the 5 
transaction is completed, thereby reducing the rate at 
which customers can be served. The use of the mobile 
telephone to authorise payment would remove the need 
for the customer to present himself at a payment kiosk. 

In another applicatton, the collection of tolls for the 10 
use of roads can cause considerable congestion as 
vehicles slow down and stop, drivers search for the cor- 
rect money, etc. Some toil systems allow season tickets 
or stored-value cards which can be read electronically 
thereby allowing some of the traffic to keep nrxaving. is 
reducing congestion and delay. However, this requires 
that the user first obtains such a card, and this Is not 
practical except for regular users of the road in questton. 
Using the present inventkm. a mobile phone user coidd 
pay a toll whilst in motion by allowing the mibWe tele- 20 
phone to transmit its identity and allow the related 
account to be debited accordingly. 

A similar arrangement may also be used to reduce 
congestion at ticket offices and bam'ers on put>lic trans- 
port systems, by automatically debiting the user's 2s 
account as he enters and/or leaves the system. The 
user's authority to travel can be checked by the public 
transport authority by interrogating the datat>ase to 
determine if paynr^ent has indeed been made. 

The invention will now be desaibed in further detail, so 
with reference to the accompanying drawings. 

Rgure 1 shows the main elements of the system in 
a first embodiment. 

Figure 2 shows the elements of the system of a 
second embodiment $s 

Rgure 3 shows the elements of a system of a third 
embodin^ent. 

Figure 4 shows the elOTents of a system of a fourth 
embodiment. 

The systems shown in the Rgures have a number 40 
of features in common. Firstly, each system makes use 
of a mobile telephone (MS), which may be fitted with a 
subscriber identity module (SIM) 2 which cames 
encoded infonmation relating to the user of the mot>ile 
telephone. The mobile telephone 1 communicates with 45 
the mobile telephone system through fixed base trans- 
ceiver sites 3. 3a. 3b. 3c etc wNch communicate with 
the mobile unit 1 by radk) communication, and are con- 
nected by fixed land lines to the rest of the cellular racfio 
network, through a mobile switching centre (MSG) 4. so 
Typically, as a mobile unit 1 moves around, it estab- 
lishes communication with different base transceiver 
sites (BTS), as illustrated in particular in Figure 4 which 
shows the same mobile statfon 1 in communteation at 
different times with three different base transceiver sites 55 
3a. 3b and 3c. The mobile station MS may be hand port- 
able or, as shown in Rgure 3, it may be mounted in a 
vehicle. 



The mobile switching centre 4 communicates with a 
billing system database which monitors call traffic and 
other charges incurred by the user. Such billing systems 
are a feature of exiting telephone systems, being pro- 
vided in order to invoice the user for use of the system, 
e.g. for call charges and standing charges. In embodi- 
ments of the present invention, transactions carried out 
between a trader and the customer (nrx)bile telephone 
user) are also handled by tills billing system. In some 
embodiments, tiie trader also has an account in the bill- 
ing system. There is also an auttientication function 17, 
whKih carries data relating to ttie individual users of tiie 
system. This function is generally carried out as part of 
the Home Location Register (HLR) of ttie mobile net- 
work. 

Turning now to the features specific to Figure 1 , tiie 
mobile switching centre 4 also communicates, either 
over a fixed lii^ 7 as shown, or tivough tiie base trans- 
ceiver site (BTS) with an Electronic Funds Transfer at 
Point of Sale (EFTPOS) unit 8 located on ttie trader's 
premises 9. 

In Figure 2, ttie anrangement is similar to that in Rg- 
ure 1 , except tiiat the mobile unit 1 comnr%jnk:ates wrth 
tiie mcbWe switching centre 4 ttirough an interface 6 witii 
tiie EFTPOS unit 8 itself, rattier than ttirough a base 
transceiver site. This embodiment only makes use of 
tiie fixed part of tiie nfx)bile radio network. 

In Rgure 3 the mobile switching centre MSG com- 
municates witti a control unit 10 for comrolling a banier 
11 which controls access to a toll road, car park, etc 
(12). 

In Figure 4 the function of ttie EFTPOS unit is incor- 
porated in a unit 19 operated by a transport autiiorrty to 
control entry and exit baniers 14 and 15 respectively. As 
well as ttie user's mobile telephone 1, tiiere is also 
shown a second mobile handset 16. for use by an offi- 
cial of the transport auttiority. 

Rgure 1 shows the system in use in order to pay for 
goods or services on a trader's premises 9, on which 
premises ttiere is k)cated a small base transceiver site 
3, designed to have a range limited to the trader's 
premises 9. When a customer wishes to make a trans- 
actbn with the trader, tiie trader first enters data into ttie 
EFTPOS unit 8. for transmission to ttie billing system 5. 
The billing system 5 ttien transmits to ttie EFTPOS unit 
8 a request for the customer's account details, including 
details of the anx>unt to be invoiced. If ttie customer 
wishes to use his mobile telephone 1 to auttiorise this 
payment he enters a code on ttie telephone 1 . and ttie 
code is transmitted through ttie mobile telephone sys- 
tem 3. 4. The mobile switching centre 4 calls up the cus- 
tomer's data from the HLR 17. and if the code is valid, 
identifies ttie base transceiver site 3 on which tiie 
mobile unit 1 is operating, and matches tiiis with ttie 
trader on whose premises 9 ttie base transceiver site 3 
is located. The wobWe switching centi-e 4 tiunsnto an 
authorisation code to the t-ader's EFTPOS unit 8 either 
over a fixed link 7 as shown, or alternatively by way of 
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the BIS 3 and a radio interface. This authorisation code 
cortff irms to the trader that paymertt has been author- 
ised. The account and transaction data is comnujni- 
cated to the nx>bile switching centre 4 and thus to the 
billing system 5 of the cellular radio system, in order to 
credit and debit the trader's and customer's accounts 
respectively with the payment required, and record the 
details of the transaction in order to generate an itenrv 
ised bill giving details, for each transaction, of the time, 
trader, and amount debited. 

If the mobile telephone 1 is the only one currently in 
communication with a BTS 3 specific to the trader, so 
that the trader's request for account details can be 
uniquely matched to a single customer, the request for 
account details may be simplified to a request for 
authorisation of the payment transmitted directly to the 
user's mobile telephone 1 by way of the BTS 3. 

If the mobile telephone 1 is in conminication with a 
base transceiver site BTS 3 which is not specific to the 
trader, for example one which covers a rather larger 
area than the trader's premises 9. the mobile user must 
transmit a code identifying the trader to whom payment 
is to made, so that the mobile switching centre 4 can 
identify the EFTPOS unit 8 with which it is to communi- 
cate. 

In the arrangemerrt shown in Figure 2 the motNle 
telephone 1 communicates directly with the EFTPOS 
unit 8. rather than over a radio interface. The EFTPOS 
unit 8 communicates, over a fixed link 7 or a radio inter- 
face, with the mobile switching centre MSG 4 in order to 
canry out the transaction. The interface 6 between the 
mobile unit MS 1 and EFTPOS unit 8 may be by any 
suitable means compatible with the mobile unit in ques- 
tion. For example, an acoustic coupling to tiie earpiece 
and moutlpiece of the mobile unit may be used. 

In both Rgures 1 and 2 the mobile unit is shown 
illustratively as having a subscriber identity modiie 
(SIM) 2 which carries the relevant user data. The SIM 2 
therefore carries the identity of the customer which is 
used in order to authorise debiting of the customer's 
account in the billing system 5. The data may be held 
permanentiy on the mobile unit 1 instead of on a SIM 2. 

In another arrangement, the SIM 2 or mobile tele- 
phone 1 may carry a stored value, which is updated by 
means of the EFTPOS unit 8. either directiy, or through 
the medium of the cellular network if physical connec- 
tion 8 between the mobile telephone 1 and EFTPOS 
unit 8 is not possible. Similarly the EFTPOS unit 8 may 
include a stored value component which is credited as 
the customer's account is debited, the authenticity of 
th card having been confirmed by communication 
between the EFTPOS unit 8 and the HLR 17. 

Rgure 3 shews a modified system in which the 
trader's EFTPOS unit 8 is replaced by a barrier control 
unit 10. As a user's vehicle 18 approaches the barrier 
1 1 , which controls entrance to a toll road, car park or th 
like (12). the user transmits a special predetermined 
code on his mobile telephone 1 . which code is transmit- 



ted by way of the base transceiver site 3 to the mobile 
switching centre 4. where authorisation is confirmed by 
the HLR 17 and the account in the billing system 5 suit- 
ably debited. Provided that the system authorises pay- 

5 ment. the mobile switching centre 4 transmits a signal to 
tiie t)arrier control 1 0 in order to raise the barrier 1 1 and 
allow the user 1 8 to enter the controlled area. 

A further development of this system, can be used 
in circumstances when the amount due for payment is 

10 dependent on two linked events, for example entry and 
exit times at a car park or. as illustrated in Figure 4, start 
and finish locations (15. 16) of a journey by public trans- 
port. As shown in Rgure 4 a user, on entering the trans- 
port operator's premises, uses her mobile unit 1 to 

IS transmit a signal requesting authority to travel. This sig- 
nal is transmitted by way of a base transceiver site 3a 
associated with the entry banier 15. and the mobile 
switching centre 4 to the transport authority's control 
unit 1 9 which transmits a signal to the barrier equipment 

20 1 5 to allow the user to enter the system, and records the 
time and kx^ation of entry. On exit from the system, by 
way of a second barrier 16, corrtrolled t^y a second t>a&e 
transceiver site 3. ttie user again uses her vnobWe unit 1 
to transmit a code by way of the base transceiver site 3c 

25 and the mobile switching centre 4. to tiie transport 
authority unit 19 which transmits a signal to t>anier con- 
trol 16 to allow exit from the transport authority's sys- 
tem. The transport autiiorrty unit 19 uses the data on 
times and places of entry to, and exit from, the system 

30 to calculate the fare to be pacl. which is tiien automati- 
cally debited from the customer's account in the billing 
system 5 or the stored value in the mobile unit 1 . 

As this system dispenses with the use of tickets or 
other physical autiiorrties to travel, it is necessary to 

35 ensure that a user fourxj traveling on the system has 
authaity to travel. Therefore, whilst in transit a trans- 
port authority official may, by use of his own mobile unit 
17. communicate with the transport autiiority unit 19 
way of the cellular radio system, typrcally by means of a 

40 further base tBnsceiver site 3b, to check that the user 
indeed has authority to be on tiie transport authority's 
premises. 

The offidal's unit 17 interfaces with the user's unit 1 
in order to identify the user record which is to be 
45 checked in the unit 19. This may be done by a physk^al 
or acoustic connection between them or. as shown, 
tiirough the cellular radio system (3b, 4). 

In an alternative arrangement the user's own 
mobile telephone 1 may be used to obtain confirmation 
50 from the transport authorit/s control unit 19 that she 
has autiiority to travel. 

Various other uses for the system may be envis- 
aged. For exarrple the embodiment of Figure 4 may be 
used to control toll roads and car pari<s in which the pay- 
55 ment is not a flat rate, but is pakj on exit according to the 
distance that has t>een travelled since entry. 
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Claims 

1. Electronic funds transfer authentication system 
having at least one trader unit connected to a cen- 
tral authorisation unit each trader unit having s 
means for receiving an authorisation signal from 
the central authorisation unit; 

the central authiorlsation unit being assodated 
with a database for staing data relating to cus- 
tomers of the electronic furxte transfer system, 
and having: 

means for receiving customer data from a 
customer unit forming part of a mobile tel* 
ephone; 

means for checking the validity of said 
received data; and 

means for transmitting authorisation data 
to the trader unit. 

2. A syston according to claim 1, wherein the cus* 
tomer data is transmitted from the mobile telephone 
by way of a mobile telephone network. 

3. A system according to claim 2. further comprising 
means for transmitting the identity of the trader unit 
from the mobile telephone to the central authorisa- 
tion unit 

4. A system according to daim 2. comprising a trader- 
specific cellular radio base station, the central 
authorisation unit being an-anged to identify the 
trader in accordance with the serving base station. 

5. A system according to any preceding daim, 
wherein the system comprises means for transmit- 
ting the authentication data by way of the cellular 
telephone network arxl the customer unit. 

6. A trader unit for use in the system of claim 4 or 5, 
comprising means for coupling to a mobile tele- 
phone, such that data may be exchanged between 
the vndbWe telephone and the trader unit 

7. A system according to any of daims 1 to 4, com- 
prising means for transmitting the authentication 
data over a dedicated link between the central 
authorisation unit and the trader unit. 

8. A system according to any preceding claim wherein 
the customer unit indudes a stored value datat)ase. 

9. A system according to any of daims 1 to 7. wherein 
the customer datat>ase In the central authorisation 
unit comprises data relating to customer accounts 
details, updatable by means of the data transmitted 
over the mobile radio system. 



10. An authentication method for electronic funds 
transfer, wherein a central authorisation unit 
receives data, relating to a customer, from a nKSbile 
telephone carrying said cummer data and an 
authorisation signal for confirming tiie validity of 
said data is transmitted from the certtral autiiorisa- 
tion unit to a trader unit connected thereta 

11. A method according to claim 10, wherein the cus- 
tomer data is transmitted from the customer's 
mobile telephone to the central unit over a cellular 
telephone network, together with identification of 
the trader. 

12. A method according to claim 10, wherein the cus- 
tomer data is transmitted to the trader unit for 
onward transmission to tiie central ur^t 

13. A method according to any of claims 10, 11 and 12. 
wherein the authentication data is returned to the 
trader unit by way of the customer's mdbWe tele- 
phone. 

14. A metiiod according to any of daim 10. 11 or 12. 
wherein the autiientication data is transmitted 
directiy to the trader unit over a dedicated connec- 
tion. 

15. A method according to any of claims 10 to 14. 
wherein the customer unit comprises a staed value 
unit which is updated in response to signals con- 
veyed to the customer unit during the authentication 
process. 

16. A method according to any of claims 10 to 14, 
wherein the customer account information is stored 
in the central unit, and the authentication process 
includes updating the customer record accordingly. 
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